forks/go-ethereum
1
0
Fork 1
mirror of https://github.com/ethereum/go-ethereum.git synced 2026-02-26 15:47:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1
go-ethereum/p2p/rlpx
History
fengjian c974722dc0
Some checks are pending
/ Docker Image (push) Waiting to run
Details
/ Linux Build (push) Waiting to run
Details
/ Linux Build (arm) (push) Waiting to run
Details
/ Keeper Build (push) Waiting to run
Details
/ Windows Build (push) Waiting to run
Details
crypto/ecies: fix ECIES invalid-curve handling (#33669) 
Fix ECIES invalid-curve handling in RLPx handshake (reject invalid
ephemeral pubkeys early)
- Add curve validation in crypto/ecies.GenerateShared to reject invalid
public keys before ECDH.
- Update RLPx PoC test to assert invalid curve points fail with
ErrInvalidPublicKey.
 
Motivation / Context
RLPx handshake uses ECIES decryption on unauthenticated network input.
Prior to this change, an invalid-curve ephemeral public key would
proceed into ECDH and only fail at MAC verification, returning
ErrInvalidMessage. This allows an oracle on decrypt success/failure and
leaves the code path vulnerable to invalid-curve/small-subgroup attacks.
The fix enforces IsOnCurve validation up front.
2026-01-29 10:56:12 +01:00
..
buffer.go p2p/rlpx: reduce allocation and syscalls (#22899) 2021-05-27 10:19:13 +02:00
buffer_test.go p2p/rlpx: reduce allocation and syscalls (#22899) 2021-05-27 10:19:13 +02:00
rlpx.go common/bitutil: deprecate XORBytes in favor of stdlib crypto/subtle (#33331) 2025-12-08 17:40:59 +01:00
rlpx_oracle_poc_test.go crypto/ecies: fix ECIES invalid-curve handling (#33669) 2026-01-29 10:56:12 +01:00
rlpx_test.go p2p: using testing.B.Loop (#32664) 2025-09-19 16:38:36 -06:00